Yang Wang

Multi-National Study of SNS Privacy

Social network sites (SNSs) have become a global phenomenon. Meanwhile, privacy issues in SNS have been hotly discussed in public media, particularly about Facebook in the US media. Despite the steady rise of SNS worldwide, there is still little understanding of SNS privacy in other countries. To the best of our knowledge, this is the first empirical cross-cultural study that focuses on SNS privacy. Several studies have shown that the Internet usage and behavior vary across different cultures (such as in instant messaging, SNS, and online information sharing). We hypothesize that different cultures may affect how SNS users perceive and make privacy-sensitive decisions.


We conducted an online survey study that investigates American, Chinese, and Indian social networking site (SNS) users’ privacy attitudes and practices. Based on 924 valid responses from the three countries, we found that generally American respondents were the most privacy concerned, followed by the Chinese and Indians. However, the US sample exhibited the lowest level of desire to restrict the visibility of their SNS information to certain people (e.g., co-workers). The Chinese respondents showed significantly higher concerns about identity issues on SNS such as fake names and impersonation. The Indian and Chinese samples had much higher percentage of users who prefer targeted ads over untargetted ads. About one third of our respondents found SNS privacy settings hard to use.

We are currently collecting data from France and working on an Arabic version of the survey.

Preliminary results were reported in:

Y. Wang, G. Norcie, L.F. Cranor. Who Is Concerned about What? A Study of American, Chinese and Indian Users’ Privacy Concerns on Social Networking Sites In Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST2011).

Regrets on Facebook

As social networking sites (SNSs) gain in popularity, regrettable stories continue to be reported by news media. In September 2010, a British teen created an event on Facebook to invite a few close friends to her birthday party, but did not mark the event as private. This drew tens of thousands of potential attendees, and attracted local police attention. In another case, a perogie mascot for the Pittsburgh Pirates was fired because he posted disparaging comments about the team on his Facebook page. More recently, a high school teacher was forced to resign because she posted a picture on Facebook in which she was holding a glass of wine and a mug of beer. These incidents demonstrate the negative impact that a single act can have on an SNS user.

In order to protect users’ welfare and create a healthy and sustainable online social enviornment, it is imperative to understand these regrettable actions and, more importantly, to help users avoid them. While there is a large body of SNS literature, we found little empirical research that focuses on the negative aspects of SNS usage. In this work, we examine accounts of regrettable incidents that we collected through surveys, interviews and user diaries. We chose to focus on Facebook because it is a hugely popular SNS with more than 500 million active users. Our aim is to develop a taxonomy of regrets, analyze their causes and consequences, and examine users’ existing coping mechanisms.

Preliminary results were reported in:

Y. Wang, S. Komanduri, P.G. Leon, G. Norcie, A. Acquisti, L.F. Cranor. “I regretted the minute I pressed share”: A Qualitative Study of Regrets on Facebook In Proceedings of the 7th Symposium on Usable Privacy and Security (SOUPS2011).

PEP: Privacy-Enhanced Personalization

Web personalization has demonstrated to be advantageous for both online customers and vendors. However, its benefits are severely counteracted by privacy concerns. Personalized systems need to take these into account, as well as privacy laws and industry self-regulations that may be in effect. Our review of more than 40 national privacy laws shows that when these constraints are present, they not only affect the personal data that can be collected, but also the methods that can be used to process the data.

The PEP project aims at maximizing the personalization benefits, while at the same time satisfying the currently prevailing privacy constraints. Since such privacy constraints can change over time, we seek a systematic and flexible mechanism that can cater to this dynamics. We looked at several existing approaches and found that they fail to present a practical and efficient solution. Inspired by the ability of software product line architecture (PLA) to support software variability, we proposed a personalization framework (see the figure below) that enables run-time re-configurations of the personalized system to cater to a user’s prevailing privacy constraints. The mappings between privacy constraints and the system architecture can be hard to model and maintain. Building on the ideas from software configuration management, I modeled these mappings using change sets and relationships that support better traceability and separation of concern. I developed a system prototype based on ArchStudio, an open-source architecture-based development platform.


Our PLA-based approach realizes PEP by instantiating separate personalization systems, potentially one for each user. This puts the system performance and scalability into question. To address this issue, I designed and implemented two optimizations: a multi-level caching mechanism, and a distributed request processing mechanism. Based on my performance evaluation, the combination of these two measures can significantly improve the system performance. With a moderate number of computers in a cloud computing environment, international sites with even the most heavy Internet traffic (e.g., Yahoo) can adopt the PLA-based approach to enable PEP. I am currently also conducting an experiment to assess the effectiveness of this approach from a user’s standpoint. The results will be compared with the findings of a similar experiment conducted by collaborators in Germany. From this, we aim to gain a cross-cultural insight into people’s perceptions and attitudes towards privacy-enhancing techniques.

Prof. Alfred Kobsa, Prof. André van der Hoek, Dr. Eric Dashofy and Scott Hendrickson provide tremendous insights to this project. Related publications can be found here.

Virtual Currency: not so virtual

What happens when the domains of HCI design and money intersect? The field of HCI has long prioritized understanding the contexts within which technologies are adapted and appropriated by their users. Though acknowledging that these contexts often have critical economic aspects (e.g., the “digital divide”), relatively little work in HCI has focused on the significance of money itself as one aspect of user interface and user experience design.

Money is more than just another kind of data. It is a social construct of complex psychological and cultural power. Its use entails connection to wider contexts, not just to “the market”, but also to contested structures of personal and public meaning, like social class and political economy. Moreover, the role of money in online experience and culture is becoming more important with the growth of paradigms such as collaborative community sites and virtual worlds. For example, with banking services being mashed up with social networking (e.g., prosper.com), or virtual worlds being marketed as real economies (e.g., Second Life), what it means to incorporate money into HCI design takes on new and broader relevance.

Thanks to Intel's support, Dr. Scott Mainwaring and I conducted an exploratory ethnographic study of virtual currency (VC) use in China in 2007. There is an estimate of 200 million VC users in China. We sought not only to better understand China’s huge online population as an important market and domain of innovation, but to gain a useful, defamilarized vantage point from which to think more generally about the emerging relationships between human-currency interaction and human-computer interaction.



Based on 5 weeks of fieldwork in four cities in China, our study reveals that how VC is perceived, obtained, and spent can critically shape gamers’ behavior and experience. Virtual and real currencies can interact in complex ways that promote, extend, and/or interfere with the value and character of game worlds. Bringing money into HCI design heightens existing issues of realness, trust, and fairness, and thus presents new challenges and opportunities for user experience innovation. This study was quoted in news media such as BusinessWeek. Related publications can be found here.

MetaBlog: understanding the global blogging community

The weblog, or “blog”, has quickly risen as a means for self-expression and sharing knowledge for people across geographic distance. Inspired by previous studies that show significant differences in technology practices across cultures, we conducted the first multilingual worldwide blogging survey to investigate the influence of regional culture on a blogging community. We asked the research question of whether bloggers are more influenced by their local cultures with respect to their sense of community, or rather whether a “universal” Internet culture is a stronger influence of community feeling.

Our results, based on 1232 participants from four continents show that while smaller differences could be found between Eastern and Western cultures, overall the global blogging community is indeed dominated by an Internet culture that shows no profound differences across cultures. However, one significant exception was found in Japanese bloggers and their concealment of identity. Compared to other cultures, the Japanese score was highly skewed towards not revealing identities (see the figure below, courtsey of Norman Su), even with the use of aliases. This presents a paradox in that, on the one hand, Japanese view blogs as an entertainment medium, whereas on the other hand, Japanese express personal matters and are extremely private.


Our research team includes Prof. Gloria Mark, Norman Su, Jon Froehlich, Brandon Herdrick, Xuefei Fan, Kelly H. Kim,Tosin Aieylokun, Louise Barkhuus, and myself. We created a blog for this project and two publications about this project can be found here.


我们的博客调查的结果发表在两篇国际会议论文中(2005国际社区与技术大会, 2005国际社会智能设计大会)。你可以在下面下载这两篇文章(英文)。简单的说,这两篇论文从以下四个方面比较博客社区:积极性,声誉,社会联系性,身份。第一篇论文比较不同文化背景下的博客社区,第二篇论文比较不同主题类型的博客(政治与个人)。比如,在第一篇论文中,我们调查研究发现日本博客比其他国家的博客更注意隐藏他们的真实身份。在第二篇论文中,我们调查发现政治博客比个人博客具有更强的社会联系性。如果你只想知道一个大概,那么你可以只读论文的介绍和结论部分(就像绝大多数研究人员那样)。

这份问卷调查的准备离不开我们聪明的伙伴们:Jon Froehlich, Brandon Herdrick, Xuefei Fan, Kelly H. Kim,Louise Barkhuus。我们都是Gloria Mark教授的数量统计课的一部份,我们之间的合作十分的愉快。最后,我们特别要感谢帮助我们宣传这个问卷的朋友和所有博客朋友们,你们反馈的意见和建设性的批评使我们受益匪浅。如果你对我们的博客调查有任何的疑问,请先从我们的两篇论文中寻找答案。如果你仍有任何的意见或问题,请直接写电子邮件给我们:normsu or yangwang [at] ics [dot] uci [dot] edu。我们将通过电邮回复你。

作者:Norman Makoto Su, Yang Wang, Gloria Mark, Tosin Aiyelokun, Tadashi Nakano

作者:Norman Makoto Su, Yang Wang, Gloria Mark

Usability of Secure Device Pairing Methods: a comparative study

Electronic devices increasingly need to communicate among themselves, e.g., connecting a Bluetooth headset with your cell-phone. However, establishing communication between two devices over a wireless channel is vulnerable to Man-in-the-Middle attacks. Secure device pairing refers to the establishment of secure communication between two devices over a wireless channel. A number of methods have been proposed to mitigate these attacks by leveraging human perceptual capabilities, e.g., visual, to create “out-of-band” authentication channels. However, these methods put various burdens on the users.

I was a core research member of a comparative usability study that asked users to connect two cellphones using 11 secure device pairing methods. For each method, we took several usability measures such as task completion rate, task performance time, user's perceived security, and System Usabilty Scale (SUS) scores given by users. A cluster analysis based on principal components was performed to determine methods that are closely related with regard on our usability measures. The first component PC1 explains nearly 75% of the variance. We believe that the figure below is the clearest representation of our study's overall results. In it, the two methods in Cluster 3 (PIN- and Sentence-Compare) perform best overall, and the three methods in Cluster 1 (Over-Audio, Image- Compare and Listen-Look) come in as close second. However, viewed in isolation, PIN-Compare stands out against all others. Our subjects' post-experimental ranking of the easiest and hardiest methods matched exactly the ranking along the first principal component of our usability measures. We also identified problematic methods for certain classes of users as well as methods best-suited for various device con gurations. For more details about this study, please take a look at our SOUPS09 paper.


The research team members of this project are Prof. Alfred Kobsa, Prof. Gene Tsudik, graduate students Ersin Uzun, Rahim Sonawalla, and myself.

SocialBIRN: understanding how distributed collaborations work

We are a team that consists of faculty members Prof. Paul Dourish and Prof. Gloria Mark, research scientist Dr. Charlotte Lee (now faculty member at University of Washington), and two PhD students Norman Su and myself. We studied a large scientific collabotory, the Biomedical Informatics Research Network (BIRN), from a social perspective. BIRN consists of a number of physically distributed sites (see the figure below, courtsey of BIRN). We conducted an ethnography study in understanding the role of technologies played in this kind of distrubted collaboration, and more broadly how scientific work is carried out in a distributed, collaborative manner. Norman Su and I wrote a report of suggestions to the fBIRN team.


Last modified: Tuesday, March 15, 2012